Security News > 2022 > May > Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices

Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads.

"As it is with many of pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device," the Microsoft 365 Defender Research Team said in a report published Friday.

Microsoft didn't disclose the complete list of apps that use the vulnerable framework in question, which is designed to offer self-diagnostic mechanisms to identify and fix issues impacting an Android device.

Some of the affected apps are from large international mobile service providers such as Telus, AT&T, Rogers, Freedom Mobile, and Bell Canada -.

Microsoft is recommending users to look out for the app package "Com.mce.mceiotraceagent" - an app that may have been installed by mobile phone repair shops - and remove it from the phones, if found.

The susceptible apps, although pre-installed by the phone providers, are also available on the Google Play Store and are said to have passed the app storefront's automatic safety checks without raising any red flags because the process was not engineered to look out for these issues, something that has since been rectified.

News URL

https://thehackernews.com/2022/05/microsoft-finds-critical-bugs-in-pre.html